Linux Kernel Memory Leak Vulnerability in Block Device Management

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's block device management. The issue arises in the '__blkdev_issue_zero_pages' function, where the allocation of a 'bio' structure occurs before checking for pending fatal signals. If a fatal signal is detected, the function exits the loop without properly freeing or chaining the allocated 'bio', leading to a memory leak. This vulnerability affects the Linux kernel stable tree and has been addressed by moving the fatal signal check prior to the 'bio' allocation, aligning it with the existing pattern in the '__blkdev_issue_write_zeroes' function.
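The ordering problem described above can be seen in a small userspace model. This is an added example, not kernel code and not the upstream patch; every name in it (model_bio, zero_pages_model, signal_at and so on) is hypothetical, and a counter stands in for the kernel allocator.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; all names are hypothetical, none are kernel APIs. */
#define MAX_CHUNKS 8
struct model_bio { struct model_bio *prev; };

static int live_bios;                 /* allocated and not yet released */

/* Stand-in for the bio allocation: hands out one slot and counts it. */
static struct model_bio *model_bio_alloc(struct model_bio *slot)
{
    slot->prev = NULL;
    live_bios++;
    return slot;
}

/* Release every bio reachable from the chain head, as completion would. */
static void model_release_chain(struct model_bio *head)
{
    for (; head; head = head->prev)
        live_bios--;
}

/* Returns the number of orphaned bios; signal_at < 0 means no fatal signal. */
static int zero_pages_model(int chunks, int signal_at, bool check_first)
{
    struct model_bio slots[MAX_CHUNKS], *chain = NULL, *bio;
    live_bios = 0;
    for (int i = 0; i < chunks && i < MAX_CHUNKS; i++) {
        bool fatal = signal_at >= 0 && i >= signal_at;
        if (check_first && fatal)
            break;                    /* fixed order: nothing allocated yet */
        bio = model_bio_alloc(&slots[i]);
        if (!check_first && fatal)
            break;                    /* leaky order: bio is never chained */
        bio->prev = chain;            /* chained, so reachable for release */
        chain = bio;
    }
    model_release_chain(chain);
    return live_bios;
}

int main(void)
{
    printf("allocate, then check: %d orphaned\n", zero_pages_model(4, 2, false));
    printf("check, then allocate: %d orphaned\n", zero_pages_model(4, 2, true));
    return 0;
}
```

With the check placed after the allocation, exactly one allocation per interrupted call is unreachable from the chain; with the check first, none is.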

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated resources are not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by issuing the 'BLKZEROOUT' ioctl on a block device while a fatal signal is pending. This triggers the memory leak: '__blkdev_issue_zero_pages' allocates a 'bio' without chaining it, leaving it orphaned.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Dec 24, 2025, 12:24 PM
Updated: Dec 24, 2025, 12:24 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.